CVE-2024-25042 — Cross-site Scripting in IBM Cognos Analytics
Severity
6.1MEDIUMNVD
CNA5.4
EPSS
0.1%
top 76.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 18
Description
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3
is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7